Restify OAuth2 (cc only)
A fork of restify-oauth2 that removes the
Resource Owner Password Credentials support and makes authentication
token generation a GET
rather than a POST
request.
Unit Tests
npm test
Runs all the unit and integration tests. All tests from the original repository pass after the modifications listed below.
Modifications
The following list indicates the differences with the initial implementation.
- Token generation is performed with a GET rather than POST request.
- Removed support for the request body and
grant_type
field. tokenEndpoint
option renamed toendpoint
.wwwAuthenticateRealm
option renamed torealm
.tokenExpirationTime
option renamed toexpires
.- Remove dependency on underscore.
- Remove oauth2-token link messages.
- Rename
clientId
touser
. - Change various messages to be more professional.
- Make error output consistent with restify error output.
Documentation is available at the original repository.
Configuration
var restify = ;var oauth2 = ;var server = restify;server;oauth2;
Notes
- Unlike the original implementation the restify body parser is not required to use this package.
- The
user
fields name was chosen as it is more consistent with other parts of our real-world application that use express and passport. In addition, in a real application you typically want to assign a complex object (user model) to the request object rather than an identifier, thereforeuser
is probably more semantically correct.